CYBER SECURITY NEWS – WEEK OF JULY 24, 2023
DHL investigating MOVEit breach as number of victims surpasses 20 million
- The United Kingdom arm of shipping giant DHL said it is investigating a data breach traced back to its use of the MOVEit software, which has been exploited by a Russia-based ransomware group for nearly two months.
- In a statement to Recorded Future News, DHL confirmed that one of its software providers was impacted by the vulnerability affecting MOVEit, a file-sharing tool from Progress Software.
- “Upon being made aware of the incident, DHL quickly launched an investigation working with relevant experts to understand the impacts,” a spokesperson said. “This investigation is ongoing, and we will continue to communicate with those affected when we have more information to share.”
- DHL becomes the latest major company to announce a breach related to the Clop ransomware gang’s exploitation of the MOVEit bug.
Suzuki-authorized dealer websites leaked customers’ sensitive information
- In the latest discovery by the Cybernews research team, two Suzuki-authorized dealer websites were found to be leaking sensitive information. Files that should be secure and kept private were left publicly accessible.
- “We’ve grown to trust our local car sellers. Rarely do car manufacturers sell their cars directly. But these leaks are significant in showing that regional dealers are yet to catch up to a changing threat environment. More stringent cybersecurity practices are needed,” our researchers said.
- The first dealership operates in Brazil, a market of 214.3 million people who are already exposed to an elevated crime rate. The second auto dealer is located in Bahrain, an island country in the Middle East with a population of 1.46 million.
Tampa General Hospital says hackers exfiltrated the data of 1.2 million patients
- Tampa General Hospital has recently confirmed that hackers gained access to its network and stole files containing the protected health information of up to 1.2 million patients.
- A security breach was detected on May 31, 2023, when suspicious activity was identified within its network. The affected systems were immediately taken offline to prevent further unauthorized access and a third-party digital forensics firm was engaged to investigate the incident and determine the nature and scope of the attack.
- The investigation confirmed that unauthorized individuals had access to its network for three weeks between May 12 and May 30, 2023, during which time they exfiltrated files containing patient information.
- The information compromised in the incident varied from individual to individual and may have included names, phone numbers, addresses, dates of birth, Social Security numbers, medical record numbers, patient account numbers, dates of service, health insurance information, and limited treatment information.
Estée Lauder takes down some systems following cyberattack
- ALPHV, the ransomware threat actor taking credit for the attack, threatened to reveal more information about the data it claims to have stolen.
- The ALPHV ransomware group, which claims to be behind the attack, said it first contacted Estée Lauder leadership via corporate and personal email accounts on July 15.
- Estée Lauder confirmed an unauthorized threat actor gained access to its systems and stole data in a filing with the Securities and Exchange Commission. The company said cybersecurity experts and law enforcement are assisting with an ongoing investigation.
Dating app that claims 50 million users suffered a data breach
- Cybersecurity researcher Jeremiah Fowler discovered and reported to vpnMentor a non-password-protected database that contained approximately 2.3 million records.
- Upon further investigation, it became clear that these records were associated with multiple dating applications contained in a single database.
- A majority of the records referred to an application called 419 Dating – Chat & Flirt. However, inside the database, I also saw information related to other dating apps called Meet You – Local Dating App by Enjoy Social App, and Speed Dating App For American by MyCircle Network Corp.
- The presence of what appeared to be logos and development files pertaining to these apps in the same database may be suggestive of the likelihood that all three dating apps are owned or developed by the same company using different names.
Global data breach could impact 70,000 residents, vendor employees with Hillsborough County
- More than 70,000 people will receive a letter from Hillsborough County about their personal information potentially being at risk after a global data breach, officials said.
- According to the county, the data breach involved the MOVEit file transfer tool, which is a HIPAA-compliant third-party file transfer service provider.
- They said cybersecurity staff installed and updated security patches after getting further instructions from the vendor and have continued to work on additional security patches over the following two weeks.
- The Hillsborough cybersecurity team then learned on June 18 that county files could have been impacted by the global breach. The team, along with Hillsborough’s HIPAA officer, reviewed affected files and found that the ones impacted came from the Healthcare Services and Aging Services departments.